Thread 'https?'

Message boards : Web interfaces : https?
Message board moderation

To post messages, you must log in.

AuthorMessage
Developer
Avatar

Send message
Joined: 3 Dec 13
Posts: 5
United States
Message 51648 - Posted: 3 Dec 2013, 23:19:14 UTC
Last modified: 3 Dec 2013, 23:24:52 UTC

I tried a Web RPC call using https (to get a user's credits...); it didn't work, while an http one did. Is support for https on Web RPC calls elective? (that would be unfortunate if they are...) Do some projects support that and others don't? Any rough idea of the percentage of ones that do?? (wild guesses accepted...)
ID: 51648 · Report as offensive
ChristianB
Volunteer developer
Volunteer tester

Send message
Joined: 4 Jul 12
Posts: 321
Germany
Message 51651 - Posted: 4 Dec 2013, 8:03:45 UTC

As every project is a self controlled instance of BOINC it is the project's responsibility to get a SSL-certificate and implement https. So far I know of 3 or 4 projects (out of maybe 70 public ones) that have SSL enabled. So if you are writing a tool that communicates with different projects you should somehow implement a logic to see if the project supports https and remember this setting.
ID: 51651 · Report as offensive
Developer
Avatar

Send message
Joined: 3 Dec 13
Posts: 5
United States
Message 51653 - Posted: 4 Dec 2013, 8:17:48 UTC - in response to Message 51648.  

Answer: It is elective.

Suggestion: A friendly recommendation for supporting https should be included in the documentation. This way accounting software that is tracking credits cannot be sabotaged by man-in-the-middle through DNS poisoning, and thus users get fictitiously awarded points when they should not...
ID: 51653 · Report as offensive
Developer
Avatar

Send message
Joined: 3 Dec 13
Posts: 5
United States
Message 51654 - Posted: 4 Dec 2013, 8:21:39 UTC - in response to Message 51651.  
Last modified: 4 Dec 2013, 8:28:09 UTC

You just posted before I did above; I also found that very few projects support https. My guess as to why is because their boinc is often running on a subdomain URL (for example: boinc.project.com), and they did not pop the extra bucks for a wildcard SSL certificate.

If those projects having SSL and presently using subdomains were to support an alternative URL path (project.com/boinc) by adding a directive for rewriting to their Apache conf file(s), then it would work...
ID: 51654 · Report as offensive

Message boards : Web interfaces : https?

Copyright © 2024 University of California.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.